By using AWS re:Post, you agree to the Terms of Use
AWS re:Postre:Post
/Control Tower that the parent organizational unit is not enrolled in AWS Control Tower, when it is/

Control Tower that the parent organizational unit is not enrolled in AWS Control Tower, when it is

0

I get the following error when i try to programmatically create a new account in a OU: InvalidParametersException The parent organizational unit 'ou-xxx-xxx' is not enrolled in AWS Control Tower

It's an empty OU without any accounts, but it says registered in the control tower console

Topics
Management & Governance
Tags
AWS Control TowerAWS OrganizationsAWS Service CatalogAWS Account Management
McDoit
asked 6 months ago103 views
1 Answers
0

Ok so it's unclear how you are programmatically create new account.

However, I'm assuming you are using the Service Catalog API, as specified here.

Please make sure the ManagedOrganizationalUnit field has the specific format of OU_NAME (OU_ID)

As seen below:

{
  pathId: "lpv2-7n2o3nudljh4e",
  productId: "prod-y422ydgjge2rs",
  provisionedProductName: "Example product 1",
  provisioningArtifactId: "pa-2mmz36cfpj2p4",
  provisioningParameters: [
    {
      key: "AccountEmail",
      value: "abc@amazon.com"
    },
    {
      key: "AccountName",
      value: "ABC"
    },
    {
      key: "ManagedOrganizationalUnit",
      value: "Custom (ou-xfe5-a8hb8ml8)"
    },
    {
      key: "SSOUserEmail",
      value: "abc@amazon.com"
    },
    {
      key: "SSOUserFirstName",
      value: "John"
    },
    {
      key: "SSOUserLastName",
      value: "Smith"
    }
  ],
  provisionToken: "c3c795a1-9824-4fb2-a4c2-4b1841be4068"
}
Jason_S
answered 6 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant questions